Right now the only unwanted items showing in this log are you have two antivirus softwares installed, which will cause quite a few problems and issues. You need to choose between them, then disable all security software and uninstall either AVG or Avast. Realistically, as this arrangement may have corrupted both, you might want to go with uninstalling both for now, until we get things sorted out here. You may find some improvements just by those removals.

Once you have made those changes reboot, and let's get some additional info to check further.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

If on it's opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Computer Name: USER-CF7CB10869Event Code: 1003Message: Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D605B12BE. The followingerror occurred: The semaphore timeout period has expired..Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server.

Computer Name: USER-CF7CB10869Event Code: 1003Message: Your computer was not able to renew its address from the network (from theDHCP Server) for the Network Card with network address 001D605B12BE. The followingerror occurred: The operation was canceled by the user..Your computer will continue to try and obtain an address on its own fromthe network address (DHCP) server.

Computer Name: USER-CF7CB10869Event Code: 1517Message: Windows saved user USER-CF7CB10869\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

The Gmer log shows normal AOL functions. I see you have run ComboFix and Malwarebytes, so I am coming aboard here without knowing the benefits of what changes they may have made. But the logs do show good 'ol Messenger Plus, and it's not-so good 'ol Lop adware, which it calls it's "Sponsor". Both are owned by Circle Media so just some trickery on their part. After the Messenger Plus install the adware waits 36 hours before going active. This way the user does not suspect Messenger Plus as the infection source.

Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

Messenger Plus! Live & Sponsor (CiD)

--------------------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform quick scan", then click Scan. * The scan may take some time to finish,so please be patient. * When the scan is complete, click OK, then Show Results to view the results. * Make sure that everything is checked, and click Remove Selected. * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

-------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threatsScan unwanted applications

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.

If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Run a new RSIT scan and post that main log along with the Eset log and the Malwarebytes log please.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Dogone Lop didn't completely uninstall when Messenger Plus was removed. Though why trust a crook to do something honorable. Let's address that now.

The logs also show an undesirable Mrs Cash Back 1.0 toolbar, so be sure to uninstall that through Add/Remove Programs.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Return to OTM, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.

A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes" (it will).

-----------

Then see if you have normal online access and can do this scan:

Disable your antivirus program (remember to re-enable it once this scan is complete) and go here (be sure to re-enable it after the scan completes) and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and take a break for a while.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export the scan report". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All. Then copy/paste that log back here please.

---------------

Run and post back a new RSIT scan log, the OTM log and the BitDefender log please.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

1394 Connection's are "firewire" connections, and can refer to any devices connected via that method. So may not necessarily actually be network connections. The Local Area Connection suggests your ethernet port. You don't mention a Dial-up connection there though, and may need to recreate that. However, the logs indicate AOL, so if you use that for dial-up I am not quite sure how connections might be accessed - I assume though AOL's software.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

Crypto service isn't really something to be downloaded, and as an essential system service you likely have one, but a damaged one. I sense your situation is similar to a few other threads I am aware of, and it is actually three services affected, and maybe some important system files. Let's check all that, then correct what needs correcting.

When prompted, uncheck the desktop icon options, and also decline to have Erunt create an entry in your Startup folder. When the install is finished, click the Finish button to launch ERUNT. Then just click OK to each of the next prompts, and allow Erunt to create a Registry backup.

Then I would like to check a Registry backup file Erunt created there, to check if any other unwanted changes have been made we need to address.

Right click My Computer, left click Explore, and use the plus + symbols to navigate to the following hilighted file:

C:\WINDOWS\ERDNT\(date backup was made)\system

Zip a copy of that (using any zip program you have, or right click the file and select Send To - Compressed (zipped) Folder), then go here, press new topic, fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select the file on your computer.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

However, on this laptop, there was a small windows update running for about 20seconds that decided to run without asking me. This is exactly what the virus on my PC did... given that the only way I've been able to get downloaded files to me PC- what with it's internet being down and all- is via a USB stick, the same virus is probably on the laptop. What do you reccomend I do before it infects further?

You can create a special folder, named autorun.inf, that will thwart the infection creating that same named file. It uses this to autostart it's infection processes.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Click here and download Flash_Disinfector.exe and save it to your desktop.

Doubleclick on Flash_Disinfector.exe to run it and follow the prompts. Wait until it has finished scanning and then exit the program.

The utility may ask you to insert your flash drive and/or other external/removable drives. Please do so and allow the utility to clean up those drives as well.

Then leave any drives installed until all repairs here have been completed.

This will also create autorun.inf folders on all drives there, which serves to block autoloading infection from creating some of their bad files they need to infect other drives and systems.

Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.